public async Task <IActionResult> AddComment(string postId, Comment comment)
{
var post = await _blog.GetPostById(postId);
if (!ModelState.IsValid)
{
return(View("Post", post));
}
if (post == null || !post.AreCommentsOpen(_settings.Value.CommentsCloseAfterDays))
{
return(NotFound());
}
comment.IsAdmin = User.Identity.IsAuthenticated;
comment.Content = comment.Content.Trim();
comment.Author = comment.Author.Trim();
comment.Email = comment.Email.Trim();
// the website form key should have been removed by javascript
// unless the comment was posted by a spam robot
if (!Request.Form.ContainsKey("website"))
{
post.Comments.Add(comment);
await _blog.AddCommentAsync(post.Id, comment);
}
return(Redirect(post.GetLink() + "#" + comment.Id));
}
public async Task <JsonResult> SaveComment([FromBody] CommentViewModel comment, int postid)
{
try
{
if (ModelState.IsValid)
{
comment.Text = Sanitizer.GetSafeHtmlFragment(comment.Text);
comment.Email = Sanitizer.GetSafeHtmlFragment(comment.Email);
comment.name = Sanitizer.GetSafeHtmlFragment(comment.name);
if (!comment.Email.EmailValidation())
{
return(Json("email is not valid"));
}
await service.AddCommentAsync(new PostCommentDto()
{
Email = comment.Email,
Name = comment.name,
Text = comment.Text,
PostId = postid
});
await service.SaveChangesAsync();
return(Json("success"));
}
else
{
StringBuilder sb = new StringBuilder();
foreach (var item in ModelState.Values)
{
foreach (var error in item.Errors)
{
sb.AppendLine(error.ErrorMessage);
}
}
return(Json(sb.ToString()));
}
}
catch (Exception)
{
throw;
}
}
